From owner-freebsd-current Thu Oct 26 11: 6:55 2000 Delivered-To: freebsd-current@freebsd.org Received: from pike.osd.bsdi.com (pike.osd.bsdi.com [204.216.28.222]) by hub.freebsd.org (Postfix) with ESMTP id E20A937B4CF for ; Thu, 26 Oct 2000 11:06:52 -0700 (PDT) Received: from laptop.baldwin.cx (ether.osd.bsdi.com [204.216.28.196]) by pike.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e9QI5mf45132; Thu, 26 Oct 2000 11:05:49 -0700 (PDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <39F807E6.69AD0CBB@zort.on.ca> Date: Thu, 26 Oct 2000 11:06:34 -0700 (PDT) From: John Baldwin To: Rod Taylor Subject: Re: entropy reseeding is totally broken Cc: current@FreeBSD.org, Doug Barton Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 26-Oct-00 Rod Taylor wrote: > Doug Barton wrote: >> >> Wesley Morgan wrote: >> > >> > I'm not knocking anyone or any code, especially considering this IS >> > -current... BUT... I don't need to read the code to know that I am seeing >> > the same fortunes on first login after reboot more often than I can >> > attribute to random chance. Maybe nanotime is being harvested, but it >> > seems that there is a time lag between system startup and reaching a state >> > of "true pseudo-entropy". Also, every reboot has entropy caching failing >> > to work. I don't know if this is a product of the broken reseeding or >> > what, because the /etc/rc files seem to be fine. >> >> How exactly are you rebooting? If you're using the 'reboot' command, >> that explains why entropy reseeding is not working. As has been >> discussed several times on -current, you only run rc.shutdown if you use >> another method, like 'shutdown -r now', 'init 6', or even the trust >> three-finger salute. > > How about when I hit the reset button? That case SHOULD be taken care > of too! Would it not be possible to sample /dev/random to store the > entropy every hour or so that the system runs? Atleast that way you > would be guarenteed to have something. And if a malicious user on your machine grabs the saved entropy file and then reboots your machine using some exploit of some sort? Granted neither of these tasks may be easy, and it could be done in such a way that the first requires root access. -- John Baldwin -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message